Closed uakfdotb closed 9 years ago
I think this can only be supported if users provide an e-mail address, unless we want security questions. So we ask for username and e-mail address, if both match then we send them password reset email with link to form and random token, tokens expire after twelve hours.
Implemented in 8498b376458e914f8427fe3d5288b210efc93957
Users should be able to reset password somehow, maybe?